one time pad breakable debate

This is a discussion on one time pad breakable debate within the General Discussions forums, part of the Community Boards category.

Conversation moved to general discussion, since the one time pad discussion is not part of the contest thread. It should have its own thread.

If it can be done, then it can be undone. Simple mathematics, referring to the one time pad. Brute force from a-z, for example a character-only a-z one time pad, is where the debate is. That may be guesswork to the actual message. Once the message is exposed it is broken. Much better to do with a copy of the key for a reassured confident claim of undoing a one time pad. Sure.

I understand clearly what you are saying. Too many alternative words show up that have nothing to do with the key or the message text.

'cannot see the wood for the trees'

By the same token

The main problem concerning the use of a one time pad is key management: the key material must be established in advance over a secure channel, be sufficient for all secure communication until new key material can be established, and then only ever used once.

A secure channel? You cannot ever know for sure if the channel is secure. An assumption of reasonable security is made.

As said already, the message exposed along with other words that also make sense, that have nothing to do with the key or message, when exposed are different than jumbled text that does not make a word. At least with the exposed words you have a place to start applying external intel to what you have, to see what fits or makes the most sense as to which message was the real one encrypted. One time pads are breakable. <crash sound>

The reason a one time pad cannot be broken is that it can produce a huge number of semi-valid (as in answers that might appear to be valid when read, but actually aren't) decryption answers, and without knowing the actual key used, or parts of what the plaintext should be, you have no way of knowing if you've gotten the correct answer or not.

A secure channel? You cannot ever know for sure if the channel is secure. An assumption of reasonable security is made.

Yes you can. A "secure channel" doesn't automatically translate to digital communication. If you for example meet with someone and tell them the key face to face in a place you know isn't under audio surveillance you can be sure that the "message channel" is indeed secure.

Btw, if you are so convinced one time pads can so easily be broken then here's an exercise for you.

Given any ciphertext encrypted with a one time pad, I can construct a pad which, when used to decrypt the ciphertext, yields a zip file full of child porn.

It should be immediately obvious that when each ciphertext bit is the product of a plaintext bit with a unique key bit, the cipher is unconditionally secure. Anyone who thinks otherwise is lacking some basic logic abilities.

I don't know math and I am still not this krazy. You might get a good batting average for Wheel of Fortune type "common phrases" but there is just no way you could do a couple of paragraphs even once without a warehouse full of mainframes -- for a couple weeks.

Given any ciphertext encrypted with a one time pad, I can construct a pad which, when used to decrypt the ciphertext, yields a zip file full of child porn.

Yes, this is what I meant by a semi-valid result. You get a result that might seem valid, i.e. a zip file where the CRC of it checks out okay and all. And it is possible that this might have been the unencrypted plaintext, but it is impossible to know for sure.

I don't know math and I am still not this krazy. You might get a good batting average for Wheel of Fortune type "common phrases" but there is just no way you could do a couple of paragraphs even once without a warehouse full of mainframes -- for a couple weeks.

It's not a matter of computing power. It is IMPOSSIBLE. For each plaintext bit, there is a key bit. The key bit is not correlated to the plaintext bit. The number of possible plaintexts is equal to the number of keys. Thus, absolutely no information about the plaintext is contained in the ciphertext.

One time pads are usually implemented by XOR:

Code:

ciphertext = plaintext ^ key

Using the algebraic property of XOR, we get:

Code:

key = ciphertext ^ plaintext

Thus, for ANY ciphertext, I can construct a key, which when applied to the ciphertext, yields an arbitrary plaintext.

The proof is not dependent on XOR. So long as the number of key bits is equal to or greater than the number of plaintext bits, the cipher cannot be broken. Period.

Okay. Well, what I meant is that with a warehouse full of mainframes for a few weeks you could generate all the possible keys for say a 1000 byte message -- not sure how big 2^8000 is but pretty big. Probably I do not even know the word for a number that big. Actually maybe you could do this on your desktop during this millennium.

Once you have all the keys all you have to do is narrow down the possibilities.

By generating all possible keys (let's agree for now it would be feasible), you are generating all possible permutations to the 1000 byte message. One of those keys will result in an excerpt of War & Peace, another in a rather lengthy laundry list.

And one of them will contain the repeated phrase "This cipher can't be broken!".

Okay. Well, what I meant is that with a warehouse full of mainframes for a few weeks you could generate all the possible keys for say a 1000 byte message -- not sure how big 2^8000 is but pretty big. Probably I do not even know the word for a number that big. Actually maybe you could do this on your desktop during this millennium.

Once you have all the keys all you have to do is narrow down the possibilities.

You cannot narrow down the possibilities when the set of possibilities is, literally, the set of all possible strings of length N. Any string of length N could have been the plaintext, and a key exists for each such string.

So my computer's whole millennium would be for nought, is what you are saying.

You would find every valid-looking plaintext that can be formed from N bits. Among all the brute force decryptions, one of them would be correct, but there is no way of knowing which of the valid-looking decryptions is correct.

Going back to _Mike's example, I have a two-letter word. The ciphertext is 0xA109. What's the plaintext? Surely an exhaustive search of 65536 possibilities should take only a fraction of a second.

One thing that will pop out is "in". Another thing that will pop out is "up". Another thing that will pop out is "an". Also, "it", "if", "hi", "as".... Which one is the proper decryption? You can't tell. The only way to know is by knowing the true key. This is what we mean by "unbreakable." Even brute force doesn't work.
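Two points in this thread can be checked directly: that key = ciphertext ^ plaintext lets anyone construct a pad turning a given ciphertext into any plaintext of the same length, and that an exhaustive search of the two-byte ciphertext 0xA109 turns up every two-letter word rather than a single answer. The following is an added Python example, not code posted by anyone in this thread. The sample plaintexts, the small word list and the function names are my own constructions; the digit count it computes is for the 1000-byte message discussed above.

```python
import secrets
from itertools import product


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the key byte at the same position.

    A one time pad needs at least as much key as plaintext; reusing or
    truncating the pad is exactly what breaks the security argument.
    """
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation as encryption.
otp_decrypt = otp_encrypt


def forge_key(ciphertext: bytes, desired_plaintext: bytes) -> bytes:
    """Return the pad that decrypts `ciphertext` to `desired_plaintext`.

    From ciphertext = plaintext ^ key it follows that key = ciphertext ^ plaintext,
    so for any ciphertext and any chosen plaintext of the same length such a pad
    exists. This is why the ciphertext alone says nothing about which plaintext
    was really sent.
    """
    if len(desired_plaintext) != len(ciphertext):
        raise ValueError("desired plaintext must match the ciphertext length")
    return bytes(c ^ p for c, p in zip(ciphertext, desired_plaintext))


def forgery_demo(real_plaintext: bytes, desired_plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt real_plaintext under a fresh random pad, then forge a second pad
    for the same ciphertext. Returns (decryption under the real pad,
    decryption under the forged pad): both are perfectly valid plaintexts."""
    real_key = secrets.token_bytes(len(real_plaintext))
    ciphertext = otp_encrypt(real_plaintext, real_key)
    forged_key = forge_key(ciphertext, desired_plaintext)
    return otp_decrypt(ciphertext, real_key), otp_decrypt(ciphertext, forged_key)


def brute_force_two_bytes(ciphertext: bytes, dictionary: set[str]) -> dict[str, bytes]:
    """Try all 65536 two-byte pads against a two-byte ciphertext and return every
    dictionary word that appears, together with the pad that produces it."""
    if len(ciphertext) != 2:
        raise ValueError("this search is for two-byte ciphertexts")
    found: dict[str, bytes] = {}
    for k0, k1 in product(range(256), repeat=2):
        key = bytes((k0, k1))
        candidate = otp_decrypt(ciphertext, key)
        try:
            word = candidate.decode("ascii")
        except UnicodeDecodeError:
            continue  # not printable text; skip, as a human analyst would
        if word in dictionary:
            found[word] = key
    return found


def key_space_digits(message_bytes: int) -> int:
    """Number of decimal digits in 256 ** message_bytes, i.e. in the count of
    distinct pads (and therefore candidate plaintexts) for a message of that size."""
    return len(str(256 ** message_bytes))


# Constructed sample data: the ciphertext from the thread and a tiny word list.
CIPHERTEXT_A109 = bytes.fromhex("A109")
TWO_LETTER_WORDS = {"in", "up", "an", "it", "if", "hi", "as"}

if __name__ == "__main__":
    real, forged = forgery_demo(b"attack at dawn", b"retreat at six")
    print("real pad gives:  ", real)
    print("forged pad gives:", forged)
    hits = brute_force_two_bytes(CIPHERTEXT_A109, TWO_LETTER_WORDS)
    for word, key in sorted(hits.items()):
        print(f"{word} <- pad {key.hex()}")
    print("digits in the pad count for 1000 bytes:", key_space_digits(1000))
```

Every word in the list comes back from the search, each with its own pad, which is the thread's point that brute force yields all plausible plaintexts rather than one. The search skips non-ASCII candidates only to keep the output readable; it does not reduce the real candidate set, since any byte string of the right length is reachable by some pad.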

Sure but -- this is just conjecture -- I bet the number of valid English words included in those 65536 combinations, as a ratio, is much higher than the ratio of grammatically valid, rationally coherent/meaningful messages you could fit into 1000 ASCII bytes vs. the 2^8000 possibilities -- a number which in my math ignorance I think has at least several hundred digits.

If it can be done, then it can be undone. Simple mathematics, referring to the one time pad.

That is obvious and true, if you possess the one time pad (i.e., the key).

Originally Posted by kryptkat

Brute force from a-z, for example a character-only a-z one time pad, is where the debate is. That may be guesswork to the actual message.

That would be useless guess work, since every unit of the ciphertext depends on a unit of the key that is independent of all other units.

The only useful guess work is to guess the message given the length of the ciphertext. But this guesswork requires a great amount of external knowledge, to the point where one might even be able to deduce the message without the ciphertext, which would imply that the encryption was not useful in the first place.

Originally Posted by kryptkat

Once the message is exposed it is broken.

The problem is, the message cannot be exposed, because it is hiding in safety among the other plausible messages.

Originally Posted by kryptkat

Much better to do with a copy of the key for a reassured confident claim of undoing a one time pad. Sure.

Huh? The key is supposed to be secret. A sane attacker who is in possession of the key (and knows the algorithm) would not bother with cryptanalysis. He/she would decrypt the ciphertext immediately. To talk about "a reassured confident claim of undoing a one time pad" in this context is thus rubbish.
